
DDOS Attack Using LOIC

The DOS (Denial of service) attack
is one of the more powerful hacks, capable of completely taking a
server down. In this way, the server will not be able to handle the
requests of valid users. With a DOS attack, many computer systems
connected to the internet will try to flood a server with false
requests, leading to a service disruption. There are many ways in which
an attacker can enact this attack on a server system over the network or
the internet. Some hackers try this attack with their own coded tools
while others use previously available tools.

LOIC (Low Orbit Ion Cannon) is
one of the most powerful DOS attacking tools freely available. If you
follow news related to hacking and security issues, you doubtless have
been hearing about this tool for the past several months. It has become
widely used, including in some highly-publicized attacks against the
PayPal, Mastercard and Visa servers a few months back. This tool was
also the weapon of choice implemented by the (in)famous hacker group,
Anonymous, who have claimed responsibility for many high profile hacking
attacks, among them, hacks against Sony, the FBI and other US security
agencies. The group not only used this tool, but also requested that
others download it and join Anonymous attacks via IRC.

In this brief article, I will give
an overview and operational model of the tool. There are 2 versions of
the tool: the first is the binary version, which is the original LOIC
tool. The other is web-based LOIC or JS LOIC.

Figure 1: Original LOIC

About The Original LOIC Tool:

The LOIC was originally developed
by Praetox Technologies as a stress testing application before becoming
available within the public domain. The tool is able to perform a simple
DOS attack by sending a large sequence of UDP, TCP or HTTP requests to
the target server. It’s a very easy tool to use, even by those lacking
any basic knowledge of hacking. The only thing a user needs to know for
using the tool is the URL of the target. A would-be hacker need only
then select some easy options (address of target system and method of
attack) and click a button to start the attack.

The tool takes the URL of the
target server on which you want to perform the attack. You can also
enter the IP address of the target system. The IP address is used in
place of the URL on an internal local network where DNS is not being
used. The tool has three chief methods of attack: TCP, UDP and HTTP. You
can select the method of attack on the target server. Some other
options include timeout, TCP/UDP message, Port and threads. See the
basic screen of the tool in the snapshot above in Figure 1.

The LOIC version used in the Anonymous
group's attacks was different from the original LOIC. It had an option to
connect the client to the IRC (Internet Relay Chat). This allowed the
tool to be remotely controlled, using the IRC protocol. In that case,
the user machine became part of a botnet. A botnet is a system of
compromised computer systems connected to each other via the internet,
which are in turn controlled by the attacker who directs the malware
toward his / her target. The bigger the botnet, the more powerful the
attack is.

Figure 2: Modified version of LOIC with an option for IRC connect

Type of attacks: As
I’d mentioned previously, the LOIC uses three different types of
attacks (TCP, UDP and HTTP). All three methods implement the same
mechanism of attack. The tool opens multiple connections to the target
server and sends a continuous sequence of messages which can be defined
from the TCP/UDP message parameter option available on the tool. In the
TCP and UDP attacks, the string is sent as plain text, but in the HTTP
attack, it is included in the contents of an HTTP GET message.

This tool continues sending
requests to the target server; after some time, the target server
becomes overloaded. In this way, the target server will no longer be
able to respond to requests from legitimate users, effectively shutting
it down.

Analysis of the attack:

UDP Attack: To
perform the UDP attack, select the method of attack as UDP. It has port
80 as the default option selected, but you can change this according to
your need. Change the message string or leave it as the default.

TCP Attack: This method is similar to UDP attack. Select the type of attack as TCP to use this.

HTTP Attack: In
this attack, the tool sends HTTP requests to the target server. A web
application firewall can detect this type of attack easily.

How to use LOIC to perform a DOS attack: Just follow these simple steps to enact a DOS attack against a website (but do so at your own risk).

Step 1: Run the tool.

Step 2: Enter
the URL of the website in the URL field and click on Lock O. Then,
select attack method (TCP, UDP or HTTP). I will recommend TCP to start.
These 2 options are necessary to start the attack.

Figure 3: LOIC in action (I painted the URL and IP white to hide the identity of the victim in the snapshot)

Step 3: Change
other parameters per your choice or leave it to the default. Now click
on the Big Button labeled as “IMMA CHARGIN MAH LAZER.” You have just
mounted an attack on the target.

After starting the attack you will
see some numbers in the Attack status fields. When the requested number
stops increasing, restart the LOIC or change the IP. You can also give
the UDP attack a try. Users can also set the speed of the attack by the
slider. It is set to faster by default but you can slow it down with the
slider. I don’t think anyone is going to slow down the attack.

Here’s the meaning of each field:

IDLE: It shows the number of threads idle. It should be zero for higher efficiency of the attack.

Connecting: This shows the number of threads that are trying to connect to the victim server.

Requesting: This shows the number of threads that are requesting some information from the victim server.

Downloading: This shows the number of threads that are initiating some download for some information from the server.

Downloaded: This number shows how many times data downloading has been initiated from the victim server you are attacking.

Requested: This number shows how many times a data download has been requested from the victim server.

Failed: This
number shows how many times the server did not respond to the request. A
larger number in this field means the server is going down. The success
of the attack can be measured by the number shown in this field.

LOIC in HIVEMIND: The
Windows version of LOIC has a feature called HIVEMIND. With this, users
can connect their client to an IRC server. In this way, it can be
controlled remotely, thus facilitating some risky attacks, so use this
wisely. But connecting to an IRC server will not allow a remote
administration of your machine or any other risks to your system: it
will only control your LOIC client. This method was used to collect more
people in the DDOS attack against Visa, Mastercard, and other financial
organizations that supported Wikileaks. (The attack was called
“Operation Pay-back.”)

In this mode, thousands of systems
attack a single website to make a real impact. The more people that
joined the attack via IRC, the more powerful the attack became.

To start LOIC in HIVEMIND mode, run this command in the command prompt:

LOIC.exe /hivemind irc.server.address

After running the above command, your LOIC client will connect to irc://irc.server.address:6667/loic

You can also set more parameters in the command to use the tool in a better way. Use port and channel too with the command.

LOIC.exe /hivemind irc.server.address 1234 #secret

It will connect to irc://irc.server.address:1234/secret

HIDDEN MODE: You
can also run your LOIC in hidden mode while using it in HIVEMIND.
Running in hidden mode means LOIC will run without any visible GUI on
your Windows system. Just add /hidden in your command.

LOIC.exe /hidden /hivemind irc.server.address

It will connect the LOIC client to irc://irc.server.address:6667/loic without any visible GUI on Windows.

Web-based LOIC (JS LOIC): This version of LOIC was released on 9th
December, 2010. This web-based tool runs only on JavaScript-enabled
web browsers. In JS LOIC, JS stands for JavaScript. This version of LOIC
sends an ID and message with lots of connections with each ID and
message. This is easier to use than the desktop version. Just visit the
web page with a single HTML file and start the attack. The attack power
of this version is the same as that of the desktop version.

Drawbacks of using LOIC: The
main drawback of LOIC as a DOS attack tool is that it is very easy to
find the attacker. This tool does not take any precautions to hide the IP
address of the origin of the attack. Attacks generated by this tool are
simple and expose the IP address of the attacker in each request packet sent
to the victim server to flood the request queue. If you are thinking that
we can use proxies to solve this problem, you are wrong. Attackers
cannot use proxies in these attacks because your requests will hit the
proxy server, not the target server. So you will not be able to launch a
DOS attack on the server effectively while using a proxy. But some
analysts say that this can be used with a proxy server if the proxy is
robust enough. According to them, all your request packets will be
forwarded to the server system by proxy at the end.

How to prevent the attack of LOIC: LOIC
is available for free to download and use, and can be used effectively
with very little hacking experience. Anyone that wants to can attack a
website with this tool.

As discussed above, the attack of
this tool is simple and easy to identify. A well-configured firewall is
enough to prevent the attack from being fully effective. And a server
administrator can see the request logs to identify the IP and block the
IP from the server. Every website owner or server administrator should
monitor the traffic and all the activities being performed on the
server. This can help well enough against the attack. But this will not
help you when a network of LOIC clients fires on the server system
all at once. Protecting the server with a firewall configured to filter
the packets sent by the LOIC is the best way to protect against the
attack.
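
The request-log review described above, as an added example that is not part of the original article: it flags single source IPs that exceed a request rate and, for the many-client case the paragraph warns about, request lines repeated by several distinct sources. The Common Log Format input, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client IP, timestamp, request line (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

def parse(line):
    """Return (ip, timestamp, request), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts, m.group(3)

def find_flooders(lines, max_requests=20, window_seconds=5):
    """IPs that sent more than max_requests within any window_seconds span."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = {}                  # ip -> peak request count seen in a window
    for ip, ts, _ in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def find_shared_floods(lines, min_sources=3, min_hits=30):
    """Request lines repeated by many distinct IPs (the many-client case)."""
    sources, hits = defaultdict(set), defaultdict(int)
    for ip, _, request in filter(None, map(parse, lines)):
        sources[request].add(ip)
        hits[request] += 1
    return {r: len(s) for r, s in sources.items()
            if len(s) >= min_sources and hits[r] >= min_hits}

def _line(ip, second, request):
    # Constructed sample data; addresses are from documentation ranges.
    return f'{ip} - - [10/Dec/2010:12:00:{second:02d} +0000] "{request}" 200 512'

# SINGLE: one client, 50 requests in 5 s. SWARM: 4 clients, each one request per 6 s.
SINGLE = [_line("198.51.100.7", i // 10, "GET / HTTP/1.0") for i in range(50)]
SWARM = [_line(f"203.0.113.{h}", s, "GET / HTTP/1.0") for s in range(0, 60, 6) for h in range(1, 5)]
```

On the constructed data, the single client is caught by the per-IP rate check, while the slower clients in `SWARM` stay under it and only show up when requests are grouped by request line across sources.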

Conclusion: In
the past few months, this tool was downloaded millions of times and used
against some big websites such as Mastercard, Visa, and PayPal to
support Wikileaks. The group known as Anonymous used this tool to attack
these websites, but it was not traceable. A lot of people joined the
team with the IRC network, so no one knows who the real persons behind
the group were, within such a large network of systems used in the
attacks.

Using this tool is like sending
someone threatening messages with your address and phone number. You
will be easily caught. In some countries, a DOS attack is not illegal.
You can use this tool as an individual, but this tool is not going to
help you if you use it with your system alone. You will need a
network of systems to join your attack. This tool is easy to use and makes
it easy to see a demonstration of a DOS attack. But try it at your own risk.

This tool is available for free on
the internet so any person can download it and create a problem for any
website. Catching the attacker is easy, and protection against
such an attack is also relatively easy to achieve. I suggest each company and
server administrator make sure that their firewall is configured to
protect from the attack generated by LOIC.